<?xml version="1.0" encoding="utf-8"?>
<!--
                                                                                     
 h       t     t                ::       /     /                     t             / 
 h       t     t                ::      //    //                     t            // 
 h     ttttt ttttt ppppp sssss         //    //  y   y       sssss ttttt         //  
 hhhh    t     t   p   p s            //    //   y   y       s       t          //   
 h  hh   t     t   ppppp sssss       //    //    yyyyy       sssss   t         //    
 h   h   t     t   p         s  ::   /     /         y  ..       s   t    ..   /     
 h   h   t     t   p     sssss  ::   /     /     yyyyy  ..   sssss   t    ..   /     
                                                                                     
	<https://y.st./>
	Copyright © 2018 Alex Yst <mailto:copyright@y.st>

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program. If not, see <https://www.gnu.org./licenses/>.
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<base href="https://y.st./en/weblog/2018/08-August/28.xhtml"/>
		<title>Incompetent support &lt;https://y.st./en/weblog/2018/08-August/28.xhtml&gt;</title>
		<link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png"/>
		<link rel="stylesheet" type="text/css" href="/link/main.css"/>
		<script type="text/javascript" src="/script/javascript.js"/>
		<meta name="viewport" content="width=device-width"/>
	</head>
	<body>
<nav>
	<p>
		<a href="/en/coursework/">Coursework</a> |
		<a href="/en/take-down/">Take-down requests</a> |
		<a href="/en/">Home</a> |
		<a href="/en/a/about.xhtml">About</a> |
		<a href="/en/a/contact.xhtml">Contact</a> |
		<a href="/a/canary.txt">Canary</a> |
		<a href="/en/URI_research/"><abbr title="Uniform Resource Identifier">URI</abbr> research</a> |
		<a href="/en/opinion/">Opinions</a> |
		<a href="/en/law/">Law</a> |
		<a href="/en/recipe/">Recipes</a> |
		<a href="/en/a/links.xhtml">Links</a> |
		<a href="/en/weblog/2018/08-August/28.xhtml.asc">{this page}.asc</a>
	</p>
	<hr/>
	<p>
		Weblog index:
		<a href="/en/weblog/memories">Memories</a> |
		<a href="/en/weblog/"><abbr title="American Standard Code for Information Interchange">ASCII</abbr> calendars</a> |
		<a href="/en/weblog/index_ol_ascending.xhtml">Ascending list</a> |
		<a href="/en/weblog/index_ol_descending.xhtml">Descending list</a>
	</p>
	<hr/>
	<p>
		Jump to entry:
		<a href="/en/weblog/2015/03-March/07.xhtml">&lt;&lt;First</a>
		<a rel="prev" href="/en/weblog/2018/08-August/27.xhtml">&lt;Previous</a>
		<a rel="next" href="/en/weblog/2018/08-August/29.xhtml">Next&gt;</a>
		<a href="/en/weblog/latest.xhtml">Latest&gt;&gt;</a>
			</p>
			<hr/>
</nav>
		<header>
			<h1>Incompetent support</h1>
			<p>Day 01270: <time>Tuesday, 2018 August 28</time></p>
		</header>
<img src="/img/CC_BY-SA_4.0/y.st./weblog/2018/09/28.jpg" alt="Heading down the street" class="framed-centred-image" width="649" height="480"/>
<section id="banking">
	<h2>Credit union issues</h2>
	<p>
		I received an email from Selco telling me that they were unable to modify my account if I spoke with them via email, as they deem email to be an insecure channel.
		I&apos;d have to agree, if you don&apos;t use <abbr title="Pretty Good Privacy">PGP</abbr>, and Selco doesn&apos;t.
		However, they then insisted I telephone them.
		There are a couple flaws with their argument.
		First, telephone lines are <strong>*also*</strong> insecure.
		But more to the point, I never <strong>*asked*</strong> them to update my account.
		I asked them to explain how <strong>*I*</strong>could update it myself from my end.
		I replied as such, and explained I have no telephone service and cannot call a number.
		Then, I headed back to the branch.
	</p>
	<p>
		The representative took me back to the public computer.
		We obviously couldn&apos;t change my password from there, as I need to be on my own machine to use my password manager, but they could see the problem for themself.
		Or not.
		The in-branch computer had the option to change the password, and it was exactly in the spot I assumed it&apos;d be in.
		Is the site disabling certain options based on <abbr title="Internet Protocol">IP</abbr> address?
	</p>
	<p>
		I also noticed when I logged on that the email support representative had removed the zeroed-out telephone number entered by the in-branch representative that opened my account.
		The account was free of telephone numbers now, even obviously-bogus ones.
		Now, when I logged in, I&apos;d be requested to verify my contact information and be presented with two options: I could either verify or skip.
		However, it won&apos;t let me verify without entering a telephone number, so skipping is the only valid option.
		Everyone&apos;s so hung up on telephones that they can&apos;t even consider the possibility that someone might not have one, at least until you shove that very real possibility in their faces in a direct conversation with them.
	</p>
	<p>
		The in-branch representative then telephoned support, but they didn&apos;t listen well to the problem, so they conveyed very incorrect details to support.
		They claimed the website had been sending me emails without the temporary passwords that were supposed to be sent, and support couldn&apos;t help wit that, possibly because there&apos;s no way the system would behave that way.
		Instead, the website had been sending me the temporary passwords via email just fine, the website just them wouldn&apos;t accept the passwords it had sent me.
		So the in-branch representative was of no help, beyond confirming that the website behaves differently from the in-branch computer.
	</p>
	<p>
		I got home and tried again to change my password.
		I couldn&apos;t log in though.
		After entering my credentials, the contact information update showed up, but this time, sans submitable form.
		No field, no submit button, and no skip button.
		I tried <abbr title="Uniform Resource Identifier">URI</abbr> manipulation to get past that page, assuming myself to be logged in, as the site had already accepted my account number and password, but I wasn&apos;t.
		Until I submitted this nonexistent form, I wasn&apos;t yet logged in.
		I tried the password reset option and found the temporary passwords sent by to my inbox now work.
		Perhaps the likely-<abbr title="Internet Protocol">IP</abbr>-address-based blocks on the temporary passwords only apply when setting up online banking, not when resetting the password on an existing account.
		In any case, I was finally able to set a secure password.
		As a bonus, resetting the password bypassed the contact information update request, even if only for that particular session.
		I&apos;d just need to reset my password ever time I needed to log in.
	</p>
	<p>
		Except ...
		That wouldn&apos;t work either.
		When trying to make sure my results were repeatable and that I had things in a manageable state, I found a second password reset wasn&apos;t allowed.
		Whenever I&apos;d try, I&apos;d bee told that my password was too long (if it had even a single character in it) or that a password was required (if I tried leaving the field blank, seeing as even one character was too long).
	</p>
	<p>
		I contacted Web support this time.
		They modified my account so I could log in.
		They didn&apos;t say exactly what they did, but I&apos;m guessing they added a bogus telephone number, seeing as this new problem only started when email support removed the initial bogus number.
		While I had them there, I asked about the inability to access the profile settings, which is what&apos;s been preventing my from updating my password.
		They wanted me to try different browsers, so I explained how the problem is visible in Firefox, but I can&apos;t even log in in Chromium.
		The account number and password fields are missing, along with the submit button.
		I asked what browser they wanted me to try.
		They wanted me to use Internet Explorer.
		Of course.
		Probably the world&apos;s buggiest and least secure Web browser available.
		I explained I didn&apos;t have access to Internet Explorer, and they asked a bunch of other questions to try to pin the issue on my machine, such as whether I was having issues with other websites as well.
		Anyway, nothing on that front got solved, and I was told the credit union&apos;s Web specialist would get back to me about the issue in several days.
		So we&apos;ll see how that goes.
	</p>
</section>
<section id="health">
	<h2>Health</h2>
	<p>
		This protein powder is surprisingly filling.
		I thought I&apos;d need to eat it with a meal, but it functions well enough <strong>*as*</strong> a meal.
	</p>
</section>
		<hr/>
		<p>
			Copyright © 2018 Alex Yst;
			You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU&apos;s Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
			If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
			My address is in the source comments near the top of this document.
			This license also applies to embedded content such as images.
			For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
		</p>
		<p>
			<abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
			This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2018%2F08-August%2F28.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.2</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2018%2F08-August%2F28.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
		</p>
	</body>
</html>

